Identity fraud is changing fast and for employers, that creates a serious compliance challenge.
In our latest webinar, we were joined by the team at Trust ID - an organisation we integrate with to ensure safe, reliable right-to-work automation. The panel was made up of:
Mark Pendlebury - Business Development Director
Skye Remnant - Senior Analyst Manager
Sarah Croft - Sales and Marketing Director
Together, we explored how fraud is evolving, what the right to work landscape looks like in 2026 and how employers can reduce risk while keeping hiring efficient.
One thing became clear very quickly: fraud is not disappearing. It is adapting. As legislation changes and more checks move online, bad actors are finding new ways to exploit gaps in the process. For HR and recruitment teams, that means compliance can no longer be treated as a simple tick-box exercise.
Below is a full recording of the session and a summarised write-up to enjoy with your morning coffee! 🍵
Why right-to-work checks matter more than ever
Every employer in the UK has a legal responsibility to check that every employee has the right to work, regardless of their nationality, contract type or how long they will be working for the business.
That obligation has not changed. What has changed is the way employers can meet it.
Since the introduction of the Home Office digital scheme, employers now have a mix of routes available depending on the documents a candidate holds. Some candidates can be checked digitally, some can be checked remotely using share codes and others still need to follow a more traditional manual route.
That flexibility is useful, but it also brings added complexity. Hiring teams now need to understand which route applies in each case, what a compliant process looks like and where the risks sit.
Fraud is shifting, not slowing down
One of the most important takeaways from the webinar was that fraud trends tend to follow legislative change.
As older document types have been phased out and digital checking routes have become more common, fraudsters have adjusted their tactics. Trust ID has seen a noticeable shift away from some of the more traditional types of document fraud and towards imposter cases, particularly involving share codes.
-1.png?width=1600&height=900&name=Blog%20posts%20featured%20image%20templates%20(1)-1.png)
A share code may be genuine, but that does not automatically mean the person presenting it is its rightful holder. This is where employers can be caught out. If a legitimate share code has been obtained and used by someone else, the risk remains very real.
Trust ID shared that they identified hundreds of share code imposter cases across 2024 and 2025 alone. While the percentage may be small compared with overall check volumes, the impact of even one failed check can be significant for an employer.
British and Irish documents remain a key target
It is easy to assume that fraudulent documents are more likely to come from overseas, but that is not what the data shows.
Passports remain the most commonly counterfeited documents and British and Irish passports continue to feature heavily. That is largely because of how accessible and useful they are in the UK hiring process.
There has also been an increase in counterfeit driving licences. Unlike passports, driving licences do not offer the same level of machine-readable data, which means there is often greater reliance on visual inspection. That creates more pressure on employers and recruiters to spot inconsistencies without specialist training.
In practice, that is a difficult position to put any hiring team in.
The rise of digitally altered documents
Another major theme from the session was the growth in digitally altered documents.
With AI tools and editing software now more widely available, it has become much easier for someone to manipulate an image of a genuine document or create a highly convincing fake. Trust ID reported a clear increase in this kind of fraud during 2025, with signs that it is continuing into 2026.
What makes this especially challenging is how polished many of these attempts are. Untrained eyes may struggle to spot issues such as unnatural shadows, odd depth, inconsistent fonts or suspicious image backgrounds.
In some cases, fraudsters are even improving their fake documents after receiving feedback, making repeated attempts with more convincing versions.
That makes it even more important for employers to have robust processes in place and to avoid sharing unnecessary detail with candidates when a document has been rejected as fraudulent.
.png?width=1600&height=900&name=Blog%20posts%20featured%20image%20templates%20(2).png)
Why manual checks alone can leave employers exposed
There is still a place for manual right to work checks and employers can continue to carry them out for certain document types. But relying on manual checks alone comes with risk.
Most HR teams are not fraud experts. Even experienced recruiters may not feel confident challenging a suspicious document or deciding whether a candidate should be refused on that basis.
That is not a reflection on their capability. It is simply the reality of a process that has become more technical, more digital and more vulnerable to sophisticated fraud attempts.
This is where technology can make a real difference.
How digital identity verification supports compliance
Digital identity verification helps employers strengthen their process in several ways.
First, it can validate whether a document appears genuine by checking security features, machine-readable zones and known fraud indicators.
Second, it can confirm whether the person completing the check is the rightful holder of that document through selfie matching and liveness checks.
Third, where remote right-to-work checks apply, it can streamline the process for candidates and recruiters alike, removing delays and reducing admin.
Trust ID explained that where a document cannot be verified automatically or where a result is unclear, the check can then be escalated to trained analysts for manual review. That combination of technology and human expertise gives employers an extra layer of protection.
For our customers, this is where integration matters. Our applicant tracking system integrates with Trust ID, making it easier to initiate checks from within the recruitment workflow and receive the results back into the platform.
The importance of the statutory excuse
For employers, the ultimate goal is not just to carry out a check. It is to secure the statutory excuse.
This is the legal protection that can help shield an employer from a civil penalty if it later emerges that someone did not have the right to work. To establish that protection, the employer must show that they followed the correct process and completed the required checks properly.
Using a certified digital verification provider for eligible British and Irish passport holders can support that position. More broadly, using technology as part of a well-structured compliance process helps demonstrate that the employer took reasonable steps and followed due process.
Given that penalties can reach up to £60,000 per illegal worker, that protection matters.
Compliance is not just about fines
The financial consequences of getting right to work wrong are serious, but they are not the only risk.
A failed compliance process can damage employer brand, create operational disruption and lead to greater scrutiny in future. Once a business has been subject to enforcement action, it may find itself facing more attention from regulators and more internal pressure to prove that its processes are sound.
There is also the human cost. If managers are left to make difficult identity decisions without the right support, that can create uncertainty and stress at a point in the hiring journey where clarity is essential.
Why the day one imposter check still matters
Even where digital checks are used, employers still need to complete a final imposter check on day one.
In simple terms, that means making sure the person who turns up for work is the same person who completed the identity check. Home Office guidance requires this step, although it does not prescribe exactly how it must be recorded.
Many employers choose to build this into their onboarding process, often by asking the hiring manager to confirm that the individual matches the image in the report and to retain that confirmation on file.
It may seem like a small step, but it is an important one. There is little value in completing a compliant digital check if someone else arrives to do the job.
What employers should expect next
Looking ahead, the right-to-work landscape is likely to keep evolving.
There is already growing focus on areas such as the gig economy, subcontracting and self-employed workers, where accountability for checks can be less clear. It is also likely that fraudsters will continue to invest in more sophisticated methods, particularly using AI and digitally altered identity documents.
For employers, that means compliance needs to be proactive rather than reactive.
Now is the time to review current processes, identify where the risks sit and make sure your hiring teams have the right support in place.
Final thoughts
Right-to-work compliance in 2026 is about much more than checking a passport.
Employers need to navigate changing legislation, rising fraud risk and increasingly complex hiring journeys while still delivering a good candidate experience. That is not easy to do manually and it is not something teams should be expected to manage alone.
The good news is that the right combination of technology, process and expertise can make compliance much more manageable. It can also give employers greater confidence that they are hiring safely, efficiently and in line with their obligations.
For organisations hiring at scale or in highly regulated environments, that confidence is invaluable.